How to enable or disable GSSAPI authentication in SSH

GSSAPI or Generic Security Service Application Programming Interface allows login to an SSH server via alternative mechanisms such as Kerberos.

It's useful for those that need the feature but if you're just using the normal password or public key authentication method, it could just unnecessarily slow the overall login process.

You can disable (or enable) GSSAPI authentication for SSH via GSSAPIAuthentication directive in your SSHd configuration.

GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed. The default is no.

Steps to disable/enable GSSAPI authentication in SSH:

Launch your preferred terminal application (optional).
Open SSHd configuration file using your favorite text editor.
```
$ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
```
Search for GSSAPIAuthentication directive and set the value to no to disable GSSAPIAuthentication authentication method or set to yes to enable.
```
GSSAPIAuthentication no
```
Add the line if it doesn't already exist and remove the # at the beginning of the line if existing line starts with a #.
Reload or restart SSH server service.
```
$ sudo systemctl restart sshd
```
Related: How to start, restart and stop SSH service

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.